Web - tab of the PmaWeb object

Setting basic TCP/IP parameters of the PROMOTIC Web.
Configuration items:
Network interface IP addressIt allows to define the network interface address (network adapter), used for accepting Web server requests.
All network interfaces (default) - The Web server accepts requests through all nework interfaces of the computer, i.e. via all physical network adapters, virtual network adapters (VPN, etc.) and local interface (localhost i.e.
Local network interface (localhost) - The Web server accepts requests only via local network interface (localhost i.e. In this case the Web server accepts no requests from network interfaces. The local network interface is accessible only for applications running on the same computer as the WebServer.
Specific network interface - The Web server accepts requests only from specific network interface (e.g. from particular network card). The networ interface address is entered only in numerical form (e.g., nominal addresses cannot be used. In this case the Web server will not accept any requests neither from another network interfaces nor local network interface.

This option especially useful in cases the computer is equipped with multiple network cards while it is necessary to access teh Web only through one of them.

Port TCP/IPNumber of the TCP/IP port, on which the Web server accepts requests. Standard value for HTTP is 80 and for HTTPS is 443.

This configurator sets the initial value of the Port property.

Macro expression can be used for input (it is evaluated after starting the application).

If the port value is already used by another Web server (e.g. by Apache, IIS, etc.), then it is necessary to set different value (e.g. 85). It may often happen that the port 80 is taken by "Publish on Web" service after OS Windows installation. If you do not need this service then disable it and free this port.

Web server typeThe configurator specifies the Web server type.
Web server of the "HTTP internal" type is integrated in the PROMOTIC system system by default and it is not necessary to configure it.
Web server of the "HTTP(S) service" is a part of all recent OS Windows (do not confuse it with IIS, it is not a real independent Web server) and the PROMOTIC can use it. The configuration may be more difficult (see the puppiled utility PmHttpConfig.exe), but the performance is higher and the secure HTTPS is available.
http internal (default) - The PROMOTIC system uses own integrated Web server that is implemented directly over the communication sockets. The most important advantage is the fact that it is not necessary to configure it additionaly in OS Windows.
http service - The PROMOTIC system uses the HTTP service that is a part of all recent OS Windows as a Web server (do not confuse it with IIS, it is not a real independent Web server). The configuration may be more difficult, but the performance is higher and secured the secure HTTPS protocol is available. The configuration of HTTP service of the OS Windows in order to use it by the PROMOTIC Web server is done by the utility: PmHttpConfig.exe.
https service - Based on the HTTP service and therefore similar information is valid as for previous option "http service". The secure HTTPS protocol differs from the unsecure HTTP protocol mainly by, the communication encryption (SSL) and by the fact that the server identity is verified by the certificate (CN digital signature). This way the possibility of data tapping is eliminated together with the chance of a false Web server forging. The PmHttpConfig.exe is used for configuration including the certificate management.

Caution: For this HTTPS mode it is necessary to have the PmHTTPS licence.

Number of worker threads
Default Web file addressIf the client enters the address only in the shortened form: //ComputerName, then the request is automatically routed to the specified address.

default.htm is set by default, it means that the request is routed to the address http://ComputerName/default.htm, which is the page containing the list of Web components with references to them.

The entered address can even be compound, for example alarms/default.htm - then this request is routed to the "alarms" component.

Most frequently, the default address leads to the main application workspace (to the PmaWorkspace object). The address entered here can be: workspace/main.htm.

Default languageWeb components display language selection. Web components not registered into the PmaWebLang object are displayed using the selected language.
by runtime - According to the language defined in the "Main language of runtime" configurator (according to setting of the Pm.RtLang property).
en,de,ru,cs,sk,pl,.. - Specific language selection. Only the languages registred in the "All used languages" configurator can be selected.
Small timeout (max. time for receiving/sending one part of long request) (s)When receiving/sending a long request, the request (communication message) is separated to several small parts. The small timeout specifies the maximum allowed time for receiving/sending one part of the long request. The default value is 10 s.
Big timeout (max. time for receiving, processing, sending the whole request) (s)The big timeout specifies the maximum time for receiving, processing, sending the whole request. It goes about the maximum allowed time from receiving the first part of the request to sending the last part of the request. The default value is 30 s.
Delay between requests or between parts of long requestEnable/disable to insert delays between requests.

When receiving a long request consisting of several parts, a delay in inserted between individual parts of the receiving request.

When sending a long request consisting of several parts, a delay is inserted between every transmitted part of the request.

It means that a short request with a short response (receiving the request in one part, and sending the response in one part) includes one delay, namely after sending (serves for separation of various requests).

Delay (ms)The size of inserted delay in milliseconds. The accuracy is about 10 ms.
Strict mode of network users login into the application requiring the use of both name and passwordEnable/disable the strict login mode of the network users.

The strict mode is recommended because in this mode the application behavior is simpler and unambiguous.

The configurator specifies the behavior of the PROMOTIC Web server for network requests without the name and password.

Explanation of the differences between the strict and non-strict mode see There are the following rules for PROMOTIC server.

Extended configurationAllows setting the additional values for the web server. Entries are in KeyVal format. For example Authentication:Digest;HttpHeaders:{0:{Name:Cross-Origin-Resource-Policy;Value:same-site;};1:{Name:Content-Security-Policy;Value:frame-ancestors 'self';};};CorsOrigins:*;
Authentication - Web client (browser) user authentication type For example Authentication:Digest;
Basic (default) - The name and password in the HTTP headers in Base64 is unencrypted, so it can be detected.
Digest - Instead of the password, the HTTP headers contain only the password Hash (Digest), so the password cannot be detected. The hash is currently of the MD5 type, SHA256 will be added later.
HttpHeaders - An array of headers for the web server that will be added to each reply. Entries are in KeyVal format in the form of representing an array. KeyVal of the array type requires the item name to be a numeric index of the array item. The index starts with the value 0 and then increments by 1. If the sequence of indexes 0, 1, 2, 3, ... is interrupted then it is not considered to be a valid KeyVal of the array type. Each header for web server contains Name and Value. Entries are in KeyVal format. For example HttpHeaders:{0:{Name:Cross-Origin-Resource-Policy;Value:same-site;};1:{Name:Content-Security-Policy;Value:frame-ancestors 'self';};};
An example of recommended headers for increased security of the web application:
Cross-Origin-Resource-Policy: same-site - Provides protection against requests from another sources.
Content-Security-Policy: frame-ancestors 'self' - Provides protection against pasting a webpage into another webpage from another source (Clickjasking).
CorsOrigins - (CORS - Cross-Origin Resource Sharing) Enables/disables the HTTP request for data by script using XMLHttpRequest from HTML page whose Origin (protocol+domain+port) is different from the Origin the page with data. This mechanism is activated only if the Origin of the HTML page (script and XMLHttpRequest) and the data page (JSON, XML) is different (different web servers). For example CorsOrigins:*;
"" (default) - If the key is not present or it value is an empty string "" then the CORS is disabled. For example CorsOrigins:;
* - If the value is a string containing the character * then the CORS is enabled for all Origins. For example CorsOrigins:*;
origin1,origin2,... - A list of all enabled Origins separated by commas ,. For example CorsOrigins:,;
If the port value is 80 for HTTP or 443 for HTTPS (i.e. the standard value), then in the Web browser the URL address of the component is:



Pm9.00.11: New "Extended configuration" configurator with the option HttpHeaders.
PROMOTIC 9.0.14 SCADA system documentation - MICROSYS, spol. s r.o.

Send page remarkContact responsible person
© MICROSYS, spol. s r. o.Tavičská 845/21 703 00 Ostrava-Vítkovice